Re: CA verify fails but certificates seem to be installed correctly - ???

Tue, 19 Feb 2008 01:15:36 -0800 

Firefox does not use OpenSSL or OpenSSL's certificate mechanism.  It
has its own, and you must import your CA certificate into its store.

For more information, I'd direct you to the
[EMAIL PROTECTED] mailing list.  This is not a bug in
OpenSSL.

-Kyle H

On Feb 19, 2008 12:53 AM, Andreas K. Huettel <[EMAIL PROTECTED]> wrote:
> On Mon, 18 Feb 2008, David Schwartz wrote:
> #]
> #]> When I connect to our printer server, the certificate is never verified
> #]> correctly. When I specify the CA certificate file manually on the command
> #]> line, it works though. The root certificate in question is installed, and
> #]                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> #]> everything looks correct to me. -> ???
> #]
> #]Where is the root certificate installed? Is it somewhere you told OpenSSL 
> to look?
> #]
>
> Hi David,
>
> in the "certs" subdirectory of /etc/ssl, as symlink from the firefox
> directory (see below).
>
> openssl version -a outputs 'OPENSSLDIR: "/etc/ssl"', so that is correct.
>
> Is there anything else I might need to set?
>
> Thanks, Andreas
>
>
>
>
> [EMAIL PROTECTED] /etc/ssl/certs $ openssl x509 -hash -noout -in 
> AddTrust_External_Root.pem
> 3c58f906
> [EMAIL PROTECTED] /etc/ssl/certs $ ls -l 3c58f906.0
> lrwxrwxrwx 1 root root 26  3. Feb 20:18 3c58f906.0 -> 
> AddTrust_External_Root.pem
> [EMAIL PROTECTED] /etc/ssl/certs $ ls -l AddTrust_External_Root.pem
> lrwxrwxrwx 1 root root 61  3. Feb 20:18 AddTrust_External_Root.pem -> 
> /usr/share/ca-certificates/mozilla/AddTrust_External_Root.crt
> [EMAIL PROTECTED] /etc/ssl/certs $ ls -l 
> /usr/share/ca-certificates/mozilla/AddTrust_External_Root.crt
> -rw-r--r-- 1 root root 1523  4. Mär 2007  
> /usr/share/ca-certificates/mozilla/AddTrust_External_Root.crt
> [EMAIL PROTECTED] /etc/ssl/certs $
>
> [EMAIL PROTECTED] /etc/ssl/certs $ openssl version -a
> OpenSSL 0.9.8g 19 Oct 2007
> built on: Sun Feb 17 01:46:36 CET 2008
> platform: linux-elf
> options:  bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int)
> blowfish(idx)
> compiler: i686-pc-linux-gnu-gcc -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB
> -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN
> -DTERMIO -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DSHA1_ASM
> -DMD5_ASM -DRMD160_ASM -DAES_ASM -O2 -march=pentium-m -pipe
> -Wa,--noexecstack
> OPENSSLDIR: "/etc/ssl"
>

Reply via email to